As we continue our look at the PYZ Technology Case Study for the course, you will continue to build out your Technology Strategy and Security Policy Overview. This week, you will make an Objectives Identification table that is similar to the table shown in Chapter 7, Figure 7.1 of Stackpole and Oksendahl. Focus on 2 of the 6 basic attack scenarios and 2 of the 7-system network attack scenarios.
Include the following in your table:
Name of Attack
Security Tactic
Description
Response if Breached
Applicable Principle
This will determine which of the defined principles drives your tactic.
1. System flaws: Exploit weakness in the operating system, services, hardware, firmware, or software, including coding errors (e.g., buffer overflows) or architecture flaws (e.g., Remote Procedure Call [RPC]).
2. Configuration flaws: Exploit errors in the system configuration, including blank or default passwords; enabled anonymous or guest accounts and incorrect share of file permissions (e.g., EVERYONE Read/Write).
3. Unsecured trusts: Exploit trusts with other systems by poisoning domain naming services (DNS), routing and address resolution entries, or using existing database or Distributed Component Object Model (DCOM) connections to compromise data.
4. Malware infection: Implant a piece of malicious code on the system using an e-mail attachment, a malicious download, or a drive-by-attack website.
5. User impersonation: Compromise a legitimate user's credentials by guessing or cracking their password, getting them to disclose it (e.g., phishing), or by capturing it with a man-in-the-middle system or a sniffer.
6. Process flaws: Become a user on the system by gaming the provisioning process, or convincing (or coercing) someone to create an account for you (i.e., social engineering).

1. System flaws
   a. Data access: Exploit weaknesses in the operating system, hardware, firmware, protocol, or services to access data (e.g., cracking wireless encryption) or to access other networks (e.g., virtual local area network [VLAN] hopping).
   b. Denial of Service: Exploit a weakness in a transit node to cause it to fail (e.g., Ping of Death), slow down (e.g., starvation attack), or malfunction sending data into a black hole.
2. Passive wiretapping: Capture data or credentials in transit on a link using a sniffer or a man-in-the-middle system.
3. Data insertion: Write data to the link such as a cookie or a packet with credentials to gain access to a resource.
4. Node impersonation: Become or compromise a transit node on the link to capture the data or credentials passing through it or to redirect traffic to another system.
5. Configuration flaw: Exploit the configuration of a transit node to gain access and redirect traffic to another system (e.g., ARP, routing or DNS poisoning).
6. End-point impersonation: Appear to be the legitimate end point of the link by cloning the real system or by DNS poisoning.
7. Process flaws: Become a permitted node on the link by convincing or coercing someone to add your transit node to the network. Once attached it can be used to capture data and credential